001/*
002 * Copyright (C) 2008 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016
017package com.google.common.net;
018
019import com.google.common.annotations.Beta;
020import com.google.common.base.MoreObjects;
021import com.google.common.base.Preconditions;
022import com.google.common.hash.Hashing;
023import com.google.common.io.ByteStreams;
024import com.google.common.primitives.Ints;
025
026import java.net.Inet4Address;
027import java.net.Inet6Address;
028import java.net.InetAddress;
029import java.net.UnknownHostException;
030import java.nio.ByteBuffer;
031import java.util.Arrays;
032
033import javax.annotation.Nullable;
034
035/**
036 * Static utility methods pertaining to {@link InetAddress} instances.
037 *
038 * <p><b>Important note:</b> Unlike {@code InetAddress.getByName()}, the
039 * methods of this class never cause DNS services to be accessed. For
040 * this reason, you should prefer these methods as much as possible over
041 * their JDK equivalents whenever you are expecting to handle only
042 * IP address string literals -- there is no blocking DNS penalty for a
043 * malformed string.
044 *
045 * <p>When dealing with {@link Inet4Address} and {@link Inet6Address}
046 * objects as byte arrays (vis. {@code InetAddress.getAddress()}) they
047 * are 4 and 16 bytes in length, respectively, and represent the address
048 * in network byte order.
049 *
050 * <p>Examples of IP addresses and their byte representations:
051 * <ul>
052 * <li>The IPv4 loopback address, {@code "127.0.0.1"}.<br/>
053 *     {@code 7f 00 00 01}
054 *
055 * <li>The IPv6 loopback address, {@code "::1"}.<br/>
056 *     {@code 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01}
057 *
058 * <li>From the IPv6 reserved documentation prefix ({@code 2001:db8::/32}),
059 *     {@code "2001:db8::1"}.<br/>
060 *     {@code 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01}
061 *
062 * <li>An IPv6 "IPv4 compatible" (or "compat") address,
063 *     {@code "::192.168.0.1"}.<br/>
064 *     {@code 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 00 01}
065 *
066 * <li>An IPv6 "IPv4 mapped" address, {@code "::ffff:192.168.0.1"}.<br/>
067 *     {@code 00 00 00 00 00 00 00 00 00 00 ff ff c0 a8 00 01}
068 * </ul>
069 *
070 * <p>A few notes about IPv6 "IPv4 mapped" addresses and their observed
071 * use in Java.
072 * <br><br>
073 * "IPv4 mapped" addresses were originally a representation of IPv4
074 * addresses for use on an IPv6 socket that could receive both IPv4
075 * and IPv6 connections (by disabling the {@code IPV6_V6ONLY} socket
076 * option on an IPv6 socket).  Yes, it's confusing.  Nevertheless,
077 * these "mapped" addresses were never supposed to be seen on the
078 * wire.  That assumption was dropped, some say mistakenly, in later
079 * RFCs with the apparent aim of making IPv4-to-IPv6 transition simpler.
080 *
081 * <p>Technically one <i>can</i> create a 128bit IPv6 address with the wire
082 * format of a "mapped" address, as shown above, and transmit it in an
083 * IPv6 packet header.  However, Java's InetAddress creation methods
084 * appear to adhere doggedly to the original intent of the "mapped"
085 * address: all "mapped" addresses return {@link Inet4Address} objects.
086 *
087 * <p>For added safety, it is common for IPv6 network operators to filter
088 * all packets where either the source or destination address appears to
089 * be a "compat" or "mapped" address.  Filtering suggestions usually
090 * recommend discarding any packets with source or destination addresses
091 * in the invalid range {@code ::/3}, which includes both of these bizarre
092 * address formats.  For more information on "bogons", including lists
093 * of IPv6 bogon space, see:
094 *
095 * <ul>
096 * <li><a target="_parent"
097 *        href="http://en.wikipedia.org/wiki/Bogon_filtering"
098 *       >http://en.wikipedia.org/wiki/Bogon_filtering</a>
099 * <li><a target="_parent"
100 *        href="http://www.cymru.com/Bogons/ipv6.txt"
101 *       >http://www.cymru.com/Bogons/ipv6.txt</a>
102 * <li><a target="_parent"
103 *        href="http://www.cymru.com/Bogons/v6bogon.html"
104 *       >http://www.cymru.com/Bogons/v6bogon.html</a>
105 * <li><a target="_parent"
106 *        href="http://www.space.net/~gert/RIPE/ipv6-filters.html"
107 *       >http://www.space.net/~gert/RIPE/ipv6-filters.html</a>
108 * </ul>
109 *
110 * @author Erik Kline
111 * @since 5.0
112 */
113@Beta
114public final class InetAddresses {
115  private static final int IPV4_PART_COUNT = 4;
116  private static final int IPV6_PART_COUNT = 8;
117  private static final Inet4Address LOOPBACK4 = (Inet4Address) forString("127.0.0.1");
118  private static final Inet4Address ANY4 = (Inet4Address) forString("0.0.0.0");
119
120  private InetAddresses() {}
121
122  /**
123   * Returns an {@link Inet4Address}, given a byte array representation of the IPv4 address.
124   *
125   * @param bytes byte array representing an IPv4 address (should be of length 4)
126   * @return {@link Inet4Address} corresponding to the supplied byte array
127   * @throws IllegalArgumentException if a valid {@link Inet4Address} can not be created
128   */
129  private static Inet4Address getInet4Address(byte[] bytes) {
130    Preconditions.checkArgument(bytes.length == 4,
131        "Byte array has invalid length for an IPv4 address: %s != 4.",
132        bytes.length);
133
134    // Given a 4-byte array, this cast should always succeed.
135    return (Inet4Address) bytesToInetAddress(bytes);
136  }
137
138  /**
139   * Returns the {@link InetAddress} having the given string representation.
140   *
141   * <p>This deliberately avoids all nameservice lookups (e.g. no DNS).
142   *
143   * @param ipString {@code String} containing an IPv4 or IPv6 string literal, e.g.
144   *     {@code "192.168.0.1"} or {@code "2001:db8::1"}
145   * @return {@link InetAddress} representing the argument
146   * @throws IllegalArgumentException if the argument is not a valid IP string literal
147   */
148  public static InetAddress forString(String ipString) {
149    byte[] addr = ipStringToBytes(ipString);
150
151    // The argument was malformed, i.e. not an IP string literal.
152    if (addr == null) {
153      throw new IllegalArgumentException(
154          String.format("'%s' is not an IP string literal.", ipString));
155    }
156
157    return bytesToInetAddress(addr);
158  }
159
160  /**
161   * Returns {@code true} if the supplied string is a valid IP string
162   * literal, {@code false} otherwise.
163   *
164   * @param ipString {@code String} to evaluated as an IP string literal
165   * @return {@code true} if the argument is a valid IP string literal
166   */
167  public static boolean isInetAddress(String ipString) {
168    return ipStringToBytes(ipString) != null;
169  }
170
171  private static byte[] ipStringToBytes(String ipString) {
172    // Make a first pass to categorize the characters in this string.
173    boolean hasColon = false;
174    boolean hasDot = false;
175    for (int i = 0; i < ipString.length(); i++) {
176      char c = ipString.charAt(i);
177      if (c == '.') {
178        hasDot = true;
179      } else if (c == ':') {
180        if (hasDot) {
181          return null;  // Colons must not appear after dots.
182        }
183        hasColon = true;
184      } else if (Character.digit(c, 16) == -1) {
185        return null;  // Everything else must be a decimal or hex digit.
186      }
187    }
188
189    // Now decide which address family to parse.
190    if (hasColon) {
191      if (hasDot) {
192        ipString = convertDottedQuadToHex(ipString);
193        if (ipString == null) {
194          return null;
195        }
196      }
197      return textToNumericFormatV6(ipString);
198    } else if (hasDot) {
199      return textToNumericFormatV4(ipString);
200    }
201    return null;
202  }
203
204  private static byte[] textToNumericFormatV4(String ipString) {
205    String[] address = ipString.split("\\.", IPV4_PART_COUNT + 1);
206    if (address.length != IPV4_PART_COUNT) {
207      return null;
208    }
209
210    byte[] bytes = new byte[IPV4_PART_COUNT];
211    try {
212      for (int i = 0; i < bytes.length; i++) {
213        bytes[i] = parseOctet(address[i]);
214      }
215    } catch (NumberFormatException ex) {
216      return null;
217    }
218
219    return bytes;
220  }
221
222  private static byte[] textToNumericFormatV6(String ipString) {
223    // An address can have [2..8] colons, and N colons make N+1 parts.
224    String[] parts = ipString.split(":", IPV6_PART_COUNT + 2);
225    if (parts.length < 3 || parts.length > IPV6_PART_COUNT + 1) {
226      return null;
227    }
228
229    // Disregarding the endpoints, find "::" with nothing in between.
230    // This indicates that a run of zeroes has been skipped.
231    int skipIndex = -1;
232    for (int i = 1; i < parts.length - 1; i++) {
233      if (parts[i].length() == 0) {
234        if (skipIndex >= 0) {
235          return null;  // Can't have more than one ::
236        }
237        skipIndex = i;
238      }
239    }
240
241    int partsHi;  // Number of parts to copy from above/before the "::"
242    int partsLo;  // Number of parts to copy from below/after the "::"
243    if (skipIndex >= 0) {
244      // If we found a "::", then check if it also covers the endpoints.
245      partsHi = skipIndex;
246      partsLo = parts.length - skipIndex - 1;
247      if (parts[0].length() == 0 && --partsHi != 0) {
248        return null;  // ^: requires ^::
249      }
250      if (parts[parts.length - 1].length() == 0 && --partsLo != 0) {
251        return null;  // :$ requires ::$
252      }
253    } else {
254      // Otherwise, allocate the entire address to partsHi.  The endpoints
255      // could still be empty, but parseHextet() will check for that.
256      partsHi = parts.length;
257      partsLo = 0;
258    }
259
260    // If we found a ::, then we must have skipped at least one part.
261    // Otherwise, we must have exactly the right number of parts.
262    int partsSkipped = IPV6_PART_COUNT - (partsHi + partsLo);
263    if (!(skipIndex >= 0 ? partsSkipped >= 1 : partsSkipped == 0)) {
264      return null;
265    }
266
267    // Now parse the hextets into a byte array.
268    ByteBuffer rawBytes = ByteBuffer.allocate(2 * IPV6_PART_COUNT);
269    try {
270      for (int i = 0; i < partsHi; i++) {
271        rawBytes.putShort(parseHextet(parts[i]));
272      }
273      for (int i = 0; i < partsSkipped; i++) {
274        rawBytes.putShort((short) 0);
275      }
276      for (int i = partsLo; i > 0; i--) {
277        rawBytes.putShort(parseHextet(parts[parts.length - i]));
278      }
279    } catch (NumberFormatException ex) {
280      return null;
281    }
282    return rawBytes.array();
283  }
284
285  private static String convertDottedQuadToHex(String ipString) {
286    int lastColon = ipString.lastIndexOf(':');
287    String initialPart = ipString.substring(0, lastColon + 1);
288    String dottedQuad = ipString.substring(lastColon + 1);
289    byte[] quad = textToNumericFormatV4(dottedQuad);
290    if (quad == null) {
291      return null;
292    }
293    String penultimate = Integer.toHexString(((quad[0] & 0xff) << 8) | (quad[1] & 0xff));
294    String ultimate = Integer.toHexString(((quad[2] & 0xff) << 8) | (quad[3] & 0xff));
295    return initialPart + penultimate + ":" + ultimate;
296  }
297
298  private static byte parseOctet(String ipPart) {
299    // Note: we already verified that this string contains only hex digits.
300    int octet = Integer.parseInt(ipPart);
301    // Disallow leading zeroes, because no clear standard exists on
302    // whether these should be interpreted as decimal or octal.
303    if (octet > 255 || (ipPart.startsWith("0") && ipPart.length() > 1)) {
304      throw new NumberFormatException();
305    }
306    return (byte) octet;
307  }
308
309  private static short parseHextet(String ipPart) {
310    // Note: we already verified that this string contains only hex digits.
311    int hextet = Integer.parseInt(ipPart, 16);
312    if (hextet > 0xffff) {
313      throw new NumberFormatException();
314    }
315    return (short) hextet;
316  }
317
318  /**
319   * Convert a byte array into an InetAddress.
320   *
321   * {@link InetAddress#getByAddress} is documented as throwing a checked
322   * exception "if IP address if of illegal length."  We replace it with
323   * an unchecked exception, for use by callers who already know that addr
324   * is an array of length 4 or 16.
325   *
326   * @param addr the raw 4-byte or 16-byte IP address in big-endian order
327   * @return an InetAddress object created from the raw IP address
328   */
329  private static InetAddress bytesToInetAddress(byte[] addr) {
330    try {
331      return InetAddress.getByAddress(addr);
332    } catch (UnknownHostException e) {
333      throw new AssertionError(e);
334    }
335  }
336
337  /**
338   * Returns the string representation of an {@link InetAddress}.
339   *
340   * <p>For IPv4 addresses, this is identical to
341   * {@link InetAddress#getHostAddress()}, but for IPv6 addresses, the output
342   * follows <a href="http://tools.ietf.org/html/rfc5952">RFC 5952</a>
343   * section 4.  The main difference is that this method uses "::" for zero
344   * compression, while Java's version uses the uncompressed form.
345   *
346   * <p>This method uses hexadecimal for all IPv6 addresses, including
347   * IPv4-mapped IPv6 addresses such as "::c000:201".  The output does not
348   * include a Scope ID.
349   *
350   * @param ip {@link InetAddress} to be converted to an address string
351   * @return {@code String} containing the text-formatted IP address
352   * @since 10.0
353   */
354  public static String toAddrString(InetAddress ip) {
355    Preconditions.checkNotNull(ip);
356    if (ip instanceof Inet4Address) {
357      // For IPv4, Java's formatting is good enough.
358      return ip.getHostAddress();
359    }
360    Preconditions.checkArgument(ip instanceof Inet6Address);
361    byte[] bytes = ip.getAddress();
362    int[] hextets = new int[IPV6_PART_COUNT];
363    for (int i = 0; i < hextets.length; i++) {
364      hextets[i] = Ints.fromBytes(
365          (byte) 0, (byte) 0, bytes[2 * i], bytes[2 * i + 1]);
366    }
367    compressLongestRunOfZeroes(hextets);
368    return hextetsToIPv6String(hextets);
369  }
370
371  /**
372   * Identify and mark the longest run of zeroes in an IPv6 address.
373   *
374   * <p>Only runs of two or more hextets are considered.  In case of a tie, the
375   * leftmost run wins.  If a qualifying run is found, its hextets are replaced
376   * by the sentinel value -1.
377   *
378   * @param hextets {@code int[]} mutable array of eight 16-bit hextets
379   */
380  private static void compressLongestRunOfZeroes(int[] hextets) {
381    int bestRunStart = -1;
382    int bestRunLength = -1;
383    int runStart = -1;
384    for (int i = 0; i < hextets.length + 1; i++) {
385      if (i < hextets.length && hextets[i] == 0) {
386        if (runStart < 0) {
387          runStart = i;
388        }
389      } else if (runStart >= 0) {
390        int runLength = i - runStart;
391        if (runLength > bestRunLength) {
392          bestRunStart = runStart;
393          bestRunLength = runLength;
394        }
395        runStart = -1;
396      }
397    }
398    if (bestRunLength >= 2) {
399      Arrays.fill(hextets, bestRunStart, bestRunStart + bestRunLength, -1);
400    }
401  }
402
403  /**
404   * Convert a list of hextets into a human-readable IPv6 address.
405   *
406   * <p>In order for "::" compression to work, the input should contain negative
407   * sentinel values in place of the elided zeroes.
408   *
409   * @param hextets {@code int[]} array of eight 16-bit hextets, or -1s
410   */
411  private static String hextetsToIPv6String(int[] hextets) {
412    /*
413     * While scanning the array, handle these state transitions:
414     *   start->num => "num"     start->gap => "::"
415     *   num->num   => ":num"    num->gap   => "::"
416     *   gap->num   => "num"     gap->gap   => ""
417     */
418    StringBuilder buf = new StringBuilder(39);
419    boolean lastWasNumber = false;
420    for (int i = 0; i < hextets.length; i++) {
421      boolean thisIsNumber = hextets[i] >= 0;
422      if (thisIsNumber) {
423        if (lastWasNumber) {
424          buf.append(':');
425        }
426        buf.append(Integer.toHexString(hextets[i]));
427      } else {
428        if (i == 0 || lastWasNumber) {
429          buf.append("::");
430        }
431      }
432      lastWasNumber = thisIsNumber;
433    }
434    return buf.toString();
435  }
436
437  /**
438   * Returns the string representation of an {@link InetAddress} suitable
439   * for inclusion in a URI.
440   *
441   * <p>For IPv4 addresses, this is identical to
442   * {@link InetAddress#getHostAddress()}, but for IPv6 addresses it
443   * compresses zeroes and surrounds the text with square brackets; for example
444   * {@code "[2001:db8::1]"}.
445   *
446   * <p>Per section 3.2.2 of
447   * <a target="_parent"
448   *    href="http://tools.ietf.org/html/rfc3986#section-3.2.2"
449   *  >http://tools.ietf.org/html/rfc3986</a>,
450   * a URI containing an IPv6 string literal is of the form
451   * {@code "http://[2001:db8::1]:8888/index.html"}.
452   *
453   * <p>Use of either {@link InetAddresses#toAddrString},
454   * {@link InetAddress#getHostAddress()}, or this method is recommended over
455   * {@link InetAddress#toString()} when an IP address string literal is
456   * desired.  This is because {@link InetAddress#toString()} prints the
457   * hostname and the IP address string joined by a "/".
458   *
459   * @param ip {@link InetAddress} to be converted to URI string literal
460   * @return {@code String} containing URI-safe string literal
461   */
462  public static String toUriString(InetAddress ip) {
463    if (ip instanceof Inet6Address) {
464      return "[" + toAddrString(ip) + "]";
465    }
466    return toAddrString(ip);
467  }
468
469  /**
470   * Returns an InetAddress representing the literal IPv4 or IPv6 host
471   * portion of a URL, encoded in the format specified by RFC 3986 section 3.2.2.
472   *
473   * <p>This function is similar to {@link InetAddresses#forString(String)},
474   * however, it requires that IPv6 addresses are surrounded by square brackets.
475   *
476   * <p>This function is the inverse of
477   * {@link InetAddresses#toUriString(java.net.InetAddress)}.
478   *
479   * @param hostAddr A RFC 3986 section 3.2.2 encoded IPv4 or IPv6 address
480   * @return an InetAddress representing the address in {@code hostAddr}
481   * @throws IllegalArgumentException if {@code hostAddr} is not a valid
482   *     IPv4 address, or IPv6 address surrounded by square brackets
483   */
484  public static InetAddress forUriString(String hostAddr) {
485    Preconditions.checkNotNull(hostAddr);
486
487    // Decide if this should be an IPv6 or IPv4 address.
488    String ipString;
489    int expectBytes;
490    if (hostAddr.startsWith("[") && hostAddr.endsWith("]")) {
491      ipString = hostAddr.substring(1, hostAddr.length() - 1);
492      expectBytes = 16;
493    } else {
494      ipString = hostAddr;
495      expectBytes = 4;
496    }
497
498    // Parse the address, and make sure the length/version is correct.
499    byte[] addr = ipStringToBytes(ipString);
500    if (addr == null || addr.length != expectBytes) {
501      throw new IllegalArgumentException(
502          String.format("Not a valid URI IP literal: '%s'", hostAddr));
503    }
504
505    return bytesToInetAddress(addr);
506  }
507
508  /**
509   * Returns {@code true} if the supplied string is a valid URI IP string
510   * literal, {@code false} otherwise.
511   *
512   * @param ipString {@code String} to evaluated as an IP URI host string literal
513   * @return {@code true} if the argument is a valid IP URI host
514   */
515  public static boolean isUriInetAddress(String ipString) {
516    try {
517      forUriString(ipString);
518      return true;
519    } catch (IllegalArgumentException e) {
520      return false;
521    }
522  }
523
524  /**
525   * Evaluates whether the argument is an IPv6 "compat" address.
526   *
527   * <p>An "IPv4 compatible", or "compat", address is one with 96 leading
528   * bits of zero, with the remaining 32 bits interpreted as an
529   * IPv4 address.  These are conventionally represented in string
530   * literals as {@code "::192.168.0.1"}, though {@code "::c0a8:1"} is
531   * also considered an IPv4 compatible address (and equivalent to
532   * {@code "::192.168.0.1"}).
533   *
534   * <p>For more on IPv4 compatible addresses see section 2.5.5.1 of
535   * <a target="_parent"
536   *    href="http://tools.ietf.org/html/rfc4291#section-2.5.5.1"
537   *    >http://tools.ietf.org/html/rfc4291</a>
538   *
539   * <p>NOTE: This method is different from
540   * {@link Inet6Address#isIPv4CompatibleAddress} in that it more
541   * correctly classifies {@code "::"} and {@code "::1"} as
542   * proper IPv6 addresses (which they are), NOT IPv4 compatible
543   * addresses (which they are generally NOT considered to be).
544   *
545   * @param ip {@link Inet6Address} to be examined for embedded IPv4 compatible address format
546   * @return {@code true} if the argument is a valid "compat" address
547   */
548  public static boolean isCompatIPv4Address(Inet6Address ip) {
549    if (!ip.isIPv4CompatibleAddress()) {
550      return false;
551    }
552
553    byte[] bytes = ip.getAddress();
554    if ((bytes[12] == 0) && (bytes[13] == 0) && (bytes[14] == 0)
555        && ((bytes[15] == 0) || (bytes[15] == 1))) {
556      return false;
557    }
558
559    return true;
560  }
561
562  /**
563   * Returns the IPv4 address embedded in an IPv4 compatible address.
564   *
565   * @param ip {@link Inet6Address} to be examined for an embedded IPv4 address
566   * @return {@link Inet4Address} of the embedded IPv4 address
567   * @throws IllegalArgumentException if the argument is not a valid IPv4 compatible address
568   */
569  public static Inet4Address getCompatIPv4Address(Inet6Address ip) {
570    Preconditions.checkArgument(isCompatIPv4Address(ip),
571        "Address '%s' is not IPv4-compatible.", toAddrString(ip));
572
573    return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 12, 16));
574  }
575
576  /**
577   * Evaluates whether the argument is a 6to4 address.
578   *
579   * <p>6to4 addresses begin with the {@code "2002::/16"} prefix.
580   * The next 32 bits are the IPv4 address of the host to which
581   * IPv6-in-IPv4 tunneled packets should be routed.
582   *
583   * <p>For more on 6to4 addresses see section 2 of
584   * <a target="_parent" href="http://tools.ietf.org/html/rfc3056#section-2"
585   *    >http://tools.ietf.org/html/rfc3056</a>
586   *
587   * @param ip {@link Inet6Address} to be examined for 6to4 address format
588   * @return {@code true} if the argument is a 6to4 address
589   */
590  public static boolean is6to4Address(Inet6Address ip) {
591    byte[] bytes = ip.getAddress();
592    return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x02);
593  }
594
595  /**
596   * Returns the IPv4 address embedded in a 6to4 address.
597   *
598   * @param ip {@link Inet6Address} to be examined for embedded IPv4 in 6to4 address
599   * @return {@link Inet4Address} of embedded IPv4 in 6to4 address
600   * @throws IllegalArgumentException if the argument is not a valid IPv6 6to4 address
601   */
602  public static Inet4Address get6to4IPv4Address(Inet6Address ip) {
603    Preconditions.checkArgument(is6to4Address(ip),
604        "Address '%s' is not a 6to4 address.", toAddrString(ip));
605
606    return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 2, 6));
607  }
608
609  /**
610   * A simple immutable data class to encapsulate the information to be found in a
611   * Teredo address.
612   *
613   * <p>All of the fields in this class are encoded in various portions
614   * of the IPv6 address as part of the protocol.  More protocols details
615   * can be found at:
616   * <a target="_parent" href="http://en.wikipedia.org/wiki/Teredo_tunneling"
617   *    >http://en.wikipedia.org/wiki/Teredo_tunneling</a>.
618   *
619   * <p>The RFC can be found here:
620   * <a target="_parent" href="http://tools.ietf.org/html/rfc4380"
621   *    >http://tools.ietf.org/html/rfc4380</a>.
622   *
623   * @since 5.0
624   */
625  @Beta
626  public static final class TeredoInfo {
627    private final Inet4Address server;
628    private final Inet4Address client;
629    private final int port;
630    private final int flags;
631
632    /**
633     * Constructs a TeredoInfo instance.
634     *
635     * <p>Both server and client can be {@code null}, in which case the
636     * value {@code "0.0.0.0"} will be assumed.
637     *
638     * @throws IllegalArgumentException if either of the {@code port} or the {@code flags}
639     *     arguments are out of range of an unsigned short
640     */
641    // TODO: why is this public?
642    public TeredoInfo(
643        @Nullable Inet4Address server, @Nullable Inet4Address client, int port, int flags) {
644      Preconditions.checkArgument((port >= 0) && (port <= 0xffff),
645          "port '%s' is out of range (0 <= port <= 0xffff)", port);
646      Preconditions.checkArgument((flags >= 0) && (flags <= 0xffff),
647          "flags '%s' is out of range (0 <= flags <= 0xffff)", flags);
648
649      this.server = MoreObjects.firstNonNull(server, ANY4);
650      this.client = MoreObjects.firstNonNull(client, ANY4);
651      this.port = port;
652      this.flags = flags;
653    }
654
655    public Inet4Address getServer() {
656      return server;
657    }
658
659    public Inet4Address getClient() {
660      return client;
661    }
662
663    public int getPort() {
664      return port;
665    }
666
667    public int getFlags() {
668      return flags;
669    }
670  }
671
672  /**
673   * Evaluates whether the argument is a Teredo address.
674   *
675   * <p>Teredo addresses begin with the {@code "2001::/32"} prefix.
676   *
677   * @param ip {@link Inet6Address} to be examined for Teredo address format
678   * @return {@code true} if the argument is a Teredo address
679   */
680  public static boolean isTeredoAddress(Inet6Address ip) {
681    byte[] bytes = ip.getAddress();
682    return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x01)
683           && (bytes[2] == 0) && (bytes[3] == 0);
684  }
685
686  /**
687   * Returns the Teredo information embedded in a Teredo address.
688   *
689   * @param ip {@link Inet6Address} to be examined for embedded Teredo information
690   * @return extracted {@code TeredoInfo}
691   * @throws IllegalArgumentException if the argument is not a valid IPv6 Teredo address
692   */
693  public static TeredoInfo getTeredoInfo(Inet6Address ip) {
694    Preconditions.checkArgument(isTeredoAddress(ip),
695        "Address '%s' is not a Teredo address.", toAddrString(ip));
696
697    byte[] bytes = ip.getAddress();
698    Inet4Address server = getInet4Address(Arrays.copyOfRange(bytes, 4, 8));
699
700    int flags = ByteStreams.newDataInput(bytes, 8).readShort() & 0xffff;
701
702    // Teredo obfuscates the mapped client port, per section 4 of the RFC.
703    int port = ~ByteStreams.newDataInput(bytes, 10).readShort() & 0xffff;
704
705    byte[] clientBytes = Arrays.copyOfRange(bytes, 12, 16);
706    for (int i = 0; i < clientBytes.length; i++) {
707      // Teredo obfuscates the mapped client IP, per section 4 of the RFC.
708      clientBytes[i] = (byte) ~clientBytes[i];
709    }
710    Inet4Address client = getInet4Address(clientBytes);
711
712    return new TeredoInfo(server, client, port, flags);
713  }
714
715  /**
716   * Evaluates whether the argument is an ISATAP address.
717   *
718   * <p>From RFC 5214: "ISATAP interface identifiers are constructed in
719   * Modified EUI-64 format [...] by concatenating the 24-bit IANA OUI
720   * (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 32-bit IPv4
721   * address in network byte order [...]"
722   *
723   * <p>For more on ISATAP addresses see section 6.1 of
724   * <a target="_parent" href="http://tools.ietf.org/html/rfc5214#section-6.1"
725   *    >http://tools.ietf.org/html/rfc5214</a>
726   *
727   * @param ip {@link Inet6Address} to be examined for ISATAP address format
728   * @return {@code true} if the argument is an ISATAP address
729   */
730  public static boolean isIsatapAddress(Inet6Address ip) {
731
732    // If it's a Teredo address with the right port (41217, or 0xa101)
733    // which would be encoded as 0x5efe then it can't be an ISATAP address.
734    if (isTeredoAddress(ip)) {
735      return false;
736    }
737
738    byte[] bytes = ip.getAddress();
739
740    if ((bytes[8] | (byte) 0x03) != (byte) 0x03) {
741
742      // Verify that high byte of the 64 bit identifier is zero, modulo
743      // the U/L and G bits, with which we are not concerned.
744      return false;
745    }
746
747    return (bytes[9] == (byte) 0x00) && (bytes[10] == (byte) 0x5e)
748           && (bytes[11] == (byte) 0xfe);
749  }
750
751  /**
752   * Returns the IPv4 address embedded in an ISATAP address.
753   *
754   * @param ip {@link Inet6Address} to be examined for embedded IPv4 in ISATAP address
755   * @return {@link Inet4Address} of embedded IPv4 in an ISATAP address
756   * @throws IllegalArgumentException if the argument is not a valid IPv6 ISATAP address
757   */
758  public static Inet4Address getIsatapIPv4Address(Inet6Address ip) {
759    Preconditions.checkArgument(isIsatapAddress(ip),
760        "Address '%s' is not an ISATAP address.", toAddrString(ip));
761
762    return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 12, 16));
763  }
764
765  /**
766   * Examines the Inet6Address to determine if it is an IPv6 address of one
767   * of the specified address types that contain an embedded IPv4 address.
768   *
769   * <p>NOTE: ISATAP addresses are explicitly excluded from this method
770   * due to their trivial spoofability.  With other transition addresses
771   * spoofing involves (at least) infection of one's BGP routing table.
772   *
773   * @param ip {@link Inet6Address} to be examined for embedded IPv4 client address
774   * @return {@code true} if there is an embedded IPv4 client address
775   * @since 7.0
776   */
777  public static boolean hasEmbeddedIPv4ClientAddress(Inet6Address ip) {
778    return isCompatIPv4Address(ip) || is6to4Address(ip) || isTeredoAddress(ip);
779  }
780
781  /**
782   * Examines the Inet6Address to extract the embedded IPv4 client address
783   * if the InetAddress is an IPv6 address of one of the specified address
784   * types that contain an embedded IPv4 address.
785   *
786   * <p>NOTE: ISATAP addresses are explicitly excluded from this method
787   * due to their trivial spoofability.  With other transition addresses
788   * spoofing involves (at least) infection of one's BGP routing table.
789   *
790   * @param ip {@link Inet6Address} to be examined for embedded IPv4 client address
791   * @return {@link Inet4Address} of embedded IPv4 client address
792   * @throws IllegalArgumentException if the argument does not have a valid embedded IPv4 address
793   */
794  public static Inet4Address getEmbeddedIPv4ClientAddress(Inet6Address ip) {
795    if (isCompatIPv4Address(ip)) {
796      return getCompatIPv4Address(ip);
797    }
798
799    if (is6to4Address(ip)) {
800      return get6to4IPv4Address(ip);
801    }
802
803    if (isTeredoAddress(ip)) {
804      return getTeredoInfo(ip).getClient();
805    }
806
807    throw new IllegalArgumentException(
808        String.format("'%s' has no embedded IPv4 address.", toAddrString(ip)));
809  }
810
811  /**
812   * Evaluates whether the argument is an "IPv4 mapped" IPv6 address.
813   *
814   * <p>An "IPv4 mapped" address is anything in the range ::ffff:0:0/96
815   * (sometimes written as ::ffff:0.0.0.0/96), with the last 32 bits
816   * interpreted as an IPv4 address.
817   *
818   * <p>For more on IPv4 mapped addresses see section 2.5.5.2 of
819   * <a target="_parent"
820   *    href="http://tools.ietf.org/html/rfc4291#section-2.5.5.2"
821   *    >http://tools.ietf.org/html/rfc4291</a>
822   *
823   * <p>Note: This method takes a {@code String} argument because
824   * {@link InetAddress} automatically collapses mapped addresses to IPv4.
825   * (It is actually possible to avoid this using one of the obscure
826   * {@link Inet6Address} methods, but it would be unwise to depend on such
827   * a poorly-documented feature.)
828   *
829   * @param ipString {@code String} to be examined for embedded IPv4-mapped IPv6 address format
830   * @return {@code true} if the argument is a valid "mapped" address
831   * @since 10.0
832   */
833  public static boolean isMappedIPv4Address(String ipString) {
834    byte[] bytes = ipStringToBytes(ipString);
835    if (bytes != null && bytes.length == 16) {
836      for (int i = 0; i < 10; i++) {
837        if (bytes[i] != 0) {
838          return false;
839        }
840      }
841      for (int i = 10; i < 12; i++) {
842        if (bytes[i] != (byte) 0xff) {
843          return false;
844        }
845      }
846      return true;
847    }
848    return false;
849  }
850
851  /**
852   * Coerces an IPv6 address into an IPv4 address.
853   *
854   * <p>HACK: As long as applications continue to use IPv4 addresses for
855   * indexing into tables, accounting, et cetera, it may be necessary to
856   * <b>coerce</b> IPv6 addresses into IPv4 addresses. This function does
857   * so by hashing the upper 64 bits into {@code 224.0.0.0/3}
858   * (64 bits into 29 bits).
859   *
860   * <p>A "coerced" IPv4 address is equivalent to itself.
861   *
862   * <p>NOTE: This function is failsafe for security purposes: ALL IPv6
863   * addresses (except localhost (::1)) are hashed to avoid the security
864   * risk associated with extracting an embedded IPv4 address that might
865   * permit elevated privileges.
866   *
867   * @param ip {@link InetAddress} to "coerce"
868   * @return {@link Inet4Address} represented "coerced" address
869   * @since 7.0
870   */
871  public static Inet4Address getCoercedIPv4Address(InetAddress ip) {
872    if (ip instanceof Inet4Address) {
873      return (Inet4Address) ip;
874    }
875
876    // Special cases:
877    byte[] bytes = ip.getAddress();
878    boolean leadingBytesOfZero = true;
879    for (int i = 0; i < 15; ++i) {
880      if (bytes[i] != 0) {
881        leadingBytesOfZero = false;
882        break;
883      }
884    }
885    if (leadingBytesOfZero && (bytes[15] == 1)) {
886      return LOOPBACK4;  // ::1
887    } else if (leadingBytesOfZero && (bytes[15] == 0)) {
888      return ANY4;  // ::0
889    }
890
891    Inet6Address ip6 = (Inet6Address) ip;
892    long addressAsLong = 0;
893    if (hasEmbeddedIPv4ClientAddress(ip6)) {
894      addressAsLong = getEmbeddedIPv4ClientAddress(ip6).hashCode();
895    } else {
896
897      // Just extract the high 64 bits (assuming the rest is user-modifiable).
898      addressAsLong = ByteBuffer.wrap(ip6.getAddress(), 0, 8).getLong();
899    }
900
901    // Many strategies for hashing are possible.  This might suffice for now.
902    int coercedHash = Hashing.murmur3_32().hashLong(addressAsLong).asInt();
903
904    // Squash into 224/4 Multicast and 240/4 Reserved space (i.e. 224/3).
905    coercedHash |= 0xe0000000;
906
907    // Fixup to avoid some "illegal" values.  Currently the only potential
908    // illegal value is 255.255.255.255.
909    if (coercedHash == 0xffffffff) {
910      coercedHash = 0xfffffffe;
911    }
912
913    return getInet4Address(Ints.toByteArray(coercedHash));
914  }
915
916  /**
917   * Returns an integer representing an IPv4 address regardless of
918   * whether the supplied argument is an IPv4 address or not.
919   *
920   * <p>IPv6 addresses are <b>coerced</b> to IPv4 addresses before being
921   * converted to integers.
922   *
923   * <p>As long as there are applications that assume that all IP addresses
924   * are IPv4 addresses and can therefore be converted safely to integers
925   * (for whatever purpose) this function can be used to handle IPv6
926   * addresses as well until the application is suitably fixed.
927   *
928   * <p>NOTE: an IPv6 address coerced to an IPv4 address can only be used
929   * for such purposes as rudimentary identification or indexing into a
930   * collection of real {@link InetAddress}es.  They cannot be used as
931   * real addresses for the purposes of network communication.
932   *
933   * @param ip {@link InetAddress} to convert
934   * @return {@code int}, "coerced" if ip is not an IPv4 address
935   * @since 7.0
936   */
937  public static int coerceToInteger(InetAddress ip) {
938    return ByteStreams.newDataInput(getCoercedIPv4Address(ip).getAddress()).readInt();
939  }
940
941  /**
942   * Returns an Inet4Address having the integer value specified by
943   * the argument.
944   *
945   * @param address {@code int}, the 32bit integer address to be converted
946   * @return {@link Inet4Address} equivalent of the argument
947   */
948  public static Inet4Address fromInteger(int address) {
949    return getInet4Address(Ints.toByteArray(address));
950  }
951
952  /**
953   * Returns an address from a <b>little-endian ordered</b> byte array
954   * (the opposite of what {@link InetAddress#getByAddress} expects).
955   *
956   * <p>IPv4 address byte array must be 4 bytes long and IPv6 byte array
957   * must be 16 bytes long.
958   *
959   * @param addr the raw IP address in little-endian byte order
960   * @return an InetAddress object created from the raw IP address
961   * @throws UnknownHostException if IP address is of illegal length
962   */
963  public static InetAddress fromLittleEndianByteArray(byte[] addr) throws UnknownHostException {
964    byte[] reversed = new byte[addr.length];
965    for (int i = 0; i < addr.length; i++) {
966      reversed[i] = addr[addr.length - i - 1];
967    }
968    return InetAddress.getByAddress(reversed);
969  }
970
971  /**
972   * Returns a new InetAddress that is one less than the passed in address.
973   * This method works for both IPv4 and IPv6 addresses.
974   *
975   * @param address the InetAddress to decrement
976   * @return a new InetAddress that is one less than the passed in address
977   * @throws IllegalArgumentException if InetAddress is at the beginning of its range
978   * @since 18.0
979   */
980  public static InetAddress decrement(InetAddress address) {
981    byte[] addr = address.getAddress();
982    int i = addr.length - 1;
983    while (i >= 0 && addr[i] == (byte) 0x00) {
984      addr[i] = (byte) 0xff;
985      i--;
986    }
987
988    Preconditions.checkArgument(i >= 0, "Decrementing %s would wrap.", address);
989
990    addr[i]--;
991    return bytesToInetAddress(addr);
992  }
993
994  /**
995   * Returns a new InetAddress that is one more than the passed in address.
996   * This method works for both IPv4 and IPv6 addresses.
997   *
998   * @param address the InetAddress to increment
999   * @return a new InetAddress that is one more than the passed in address
1000   * @throws IllegalArgumentException if InetAddress is at the end of its range
1001   * @since 10.0
1002   */
1003  public static InetAddress increment(InetAddress address) {
1004    byte[] addr = address.getAddress();
1005    int i = addr.length - 1;
1006    while (i >= 0 && addr[i] == (byte) 0xff) {
1007      addr[i] = 0;
1008      i--;
1009    }
1010
1011    Preconditions.checkArgument(i >= 0, "Incrementing %s would wrap.", address);
1012
1013    addr[i]++;
1014    return bytesToInetAddress(addr);
1015  }
1016
1017  /**
1018   * Returns true if the InetAddress is either 255.255.255.255 for IPv4 or
1019   * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6.
1020   *
1021   * @return true if the InetAddress is either 255.255.255.255 for IPv4 or
1022   *     ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6
1023   * @since 10.0
1024   */
1025  public static boolean isMaximum(InetAddress address) {
1026    byte[] addr = address.getAddress();
1027    for (int i = 0; i < addr.length; i++) {
1028      if (addr[i] != (byte) 0xff) {
1029        return false;
1030      }
1031    }
1032    return true;
1033  }
1034}